In the News

Nov 21, 2018

There's been a surge of cybercriminals and cybergangs who bypass consumers and going directly to their favorite e-commerce merchants to rob them – and they are expected to step up their game on Black Friday, the start of the holiday shopping season.

As more and more consumers are forgoing the Black Friday trip to the mall and doing their shopping online over more days, profitability from online theft is growing, says Marshal Cohen, chief industry advisor of The NPD Group.

“No matter how diligently consumers strive to protect their credit card and personal information, organized crime is attacking the places where we shop online with no less than 14 malware families aimed at the biggest e-commerce brands,” warns Jeremy Samide, CEO of Stealthcare. The cybersecurity firm has developed a unique cyber threat intelligence platform called Zero Day Live. Stealthcare’s Zero Day Live detects cyberattacks and protects its "e-retailor" clients with the tools needed to prevent these greed-motivated cyberattacks.

New Malware

This season’s top malware and variants are among the banking trojan malware families Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye that capture credit card information during checkout and point-of-sale.

Betabot leads the pack of threats with the highest level of targeting being aimed at 46 different online retail brands, many of which are considered to be among the most trusted in the world.

According to the 13 November 2018 edition of Bank Info Security, card scrapping code has infected over 100,000 e-commerce sites, which read like a who’s who of online retail, entertainment and travel companies.

Online Holiday Shoppers Can Help

While e-commerce sites are the primary targets, since hackers can scrape data from millions of cards, consumers have a job to do when it comes to protecting what’s in their wallet.

Says Samide, “Don’t ignore those tiny seven to ten-dollar charges that appear out of nowhere on your credit card. If you can’t attribute the charge to a purchase, notify your credit card company or bank. Thieves test cards with innocuous purchases before going in for the big score.”

  • Don’t make purchases using unsecured Wi-Fi hot spots at the coffee shop.
  • Change passwords frequently and do not use obvious words such as "books" for Amazon or "airplane" for Travelocity.
  • Don’t share your passwords or allow friends to log into your accounts, no matter how insignificant it seems.
  • Know how your kids use your devices. They tend to roam into the Google Play store and download weird games or visit other sites that can be the source of an attack; that goes for kids of all ages, including their parents!
  • Use two-factor authentication for email and application access wherever possible. It can be done with little effort and it adds a secondary layer of protection of resources.
  • Provide the least amount of information to third-party requests to reduce your attack surface.

Be very protective about your personal information. Those five-minute surveys enticing you with a chance to win a $25 Amazon gift card are “a common sucker play,” says Samide. "In the unlikely event you win, you have given a third-party information you may think is irrelevant but when correlated with other public information on you, it could mean everything.”